51 1171561 STORAGE () (MEDIA? ? OR MEDIUM? ?) OR DVD OR DISK? OR DISC? ?
OR CD OR CD () ROM OR TAPE? ? OR (DAT OR DIGITAL () ANALOG OR CASSETTE) () TAPE? ?
14/3,K/8 (Item 7 from file: 350)

DIALOG (R) File 350:Derwent WPIX 
014735538 **Image available**

WPI Acc No: 2002-556242/200259 

XRPX Acc No: N02-440199 

Distributed file system for storage devices network, has key manager 
maintaining encryption-decryption keys used by clients to encrypt-decrypt 
data in storage devices and lock manager for encrypted data transfer 

Patent Assignee: INT BUSINESS MACHINES CORP (IBMC ) 

Inventor: BURNS R C; CHRON E G; LONG D; REED B C 

Number of Countries: 001 Number of Patents: 001 

Patent Family: 

Patent No Kind Date Applicat No Kind Date Week 

US 6405315 B1 20020611 US 97927772 A 19970911 200259 B

Priority Applications (No Type Date) : US 97927772 A 19970911 
Patent Details: 

Patent No Kind Lan Pg Main IPC Filing Notes 
US 6405315 B1 20 G06F-011/30

... by clients to encrypt-decrypt data in storage devices and lock manager 

for encrypted data transfer 
Abstract (Basic) : 

... A key manager maintains various encryption and decryption keys 

which are used by respective authorized client to remotely encrypt 
and decrypt data objects accessed from a storage device. A lock manager 
maintains data consistency while transferring encrypted data files 
and metadata describing a directory structure in secured manner from 
one storage . . . 

For network of storage devices such as direct access disk 
drives (DASD) , optical storage disks , tape drives, computers and 
instruments having storage units or combination of computers and 
instruments to implement virtual file system (VFS) used by UNIX. . . 

. . .performed only by a client, overhead to a storage device is reduced. 

Since data is transferred directly between the storage devices, 

overhead to a client is minimized... 
. . .Title Terms: TRANSFER 
WPI Acc No: 2000-453545/200040

XRPX ACC No: N00-337824 

Data storage apparatus for electronic documents e.g. contracts, domicile 
certificates on data networks using key management function unique to 
data storage when transmitting or receiving 

Patent Assignee: FUJITSU LTD (FUIT ) 

Inventor: IWASE S; KAMADA J; KURODA Y; NODA B; ONO E 
Number of Countries: 027 Number of Patents: 003 
Patent Family: 

Patent No Kind Date Applicat No Kind Date Week 

EP 1011222 A2 20000621 EP 99304647 A 19990615 200040 B 

JP 2000181803 A 20000630 JP 98360345 A 19981218 200043 

US 6915434 B1 20050705 US 99327477 A 19990608 200544



Priority Applications (No Type Date) : JP 98360345 A 19981218 
Patent Details: 

Patent No Kind Lan Pg Main IPC Filing Notes 
EP 1011222 A2 E 38 H04L-009/08 

Designated States (Regional) : AL AT BE CH CY DE DK ES FI FR GB GR IE IT 

LI LT LU LV MC MK NL PT RO SE SI 
JP 2000181803 A 23 G06F-012/14 

US 6915434 B1 H04L-009/32

Data storage apparatus for electronic documents e.g. contracts , domicile 
certificates on data networks using key management function unique to 
data storage when transmitting or receiving 

Abstract (Basic) : 

apparatus (10) is managed by key management unit (12). The
encryption unit (13) generates a key, encrypts and verifies the
electronic data. The key storage unit (14,15,16) stores key unique to 
data as individual, group or public. And a communication unit (18) is 
used for transmitting and receiving electronic data on a network. 

INDEPENDENT CLAIM is also included for a method of managing 
electronic data in a storage apparatus , a computer program product 
stored on a computer readable storage medium . 



...For electronic documents e.g. contracts , domicile certificates 
transmitted or received on a data network. . . 



. . .The security of data is guaranteed by transmitting to and receiving
from another storage device after re-encrypting using a common key
shared with receiving apparatus when verification result is correct

...Title Terms: TRANSMIT;
WPI Acc No: 1993-053111/199231

XRPX Acc No: N93-040649

Computer security device for permitting limited access to storage 
media - has logic circuit located in series between disk drive and 
disk controller which is key operable to allow selective disable or 
enable 

Patent Assignee: KIVELL S N (KIVE-I) 
Inventor: KIVELL S N 

Number of Countries: 001 Number of Patents: 001 
Patent Family: 

Patent No Kind Date Applicat No Kind Date Week 

ZA 9104447 A 19920624 ZA 914447 A 19910611 199231 B 

Priority Applications (No Type Date) : ZA 902420 A 19900329 
Patent Details: 

Patent No Kind Lan Pg Main IPC Filing Notes 
ZA 9104447 A 7 G06C-000/00 

Computer security device for permitting limited access to storage 
media - ...

. . .has logic circuit located in series between disk drive and disk 
controller which is key operable to allow selective disable or enable 

. . .Abstract (Basic) : The device includes the logic circuit (12) operable by 
a key (14) , card or code of an authorised person and is located in 
series between the disc drive and the disc controller for the data
and control signals to the disc drive to be controlled... 

. . .The key is adopted to enable an authorised person to selectively 
disable or enable the disc read/write of the computer circuitry. If 
the floppy drive is write protected an unauthorised. . . 

. . .held in the hard drive and when write protected it will not be possible 
to transfer a virus onto the hard drive of the disc . 



...Title Terms: DISC;
014612937 **Image available**

WPI Acc No: 2002-433641/200246 

XRPX ACC No: N02-341207 

Public key management method for communication system, involves 
verifying whether public key certificate related to security 
operation is authentic, based on which notification is performed to 
client application 

Patent Assignee: ENTRUST TECHNOLOGIES LTD (ENTR-N) 

Inventor: VAN OORSCHOT P C 

Number of Countries: 001 Number of Patents: 001 
Patent Family: 

Patent No Kind Date Applicat No Kind Date Week 

US 6370249 B1 20020409 US 97901054 A 19970725 200246 B

Priority Applications (No Type Date) : US 97901054 A 19970725 
Patent Details: 

Patent No Kind Lan Pg Main IPC Filing Notes 
US 6370249 B1 15 H04L-009/00

Public key management method for communication system, involves 
verifying whether public key certificate related to security 
operation is authentic, based on which notification is performed to 
client application 

Abstract (Basic) : 

... A client cryptographic engine is evoked by a client application 

to determine whether a public key certificate associated with the 
security related operation, is authentic. The cryptographic engine 
indicates that the security. . . 

... 2) Trust certification authority... 

...4) Digital storage medium comprising program for causing processing 
unit to function as client cryptographic engine... 

. . .The public key management method allows online real time updating of 
trusted public keys of certification authorities by enabling 
communication between client end cryptographic engines. Secure 
communication system is more flexible. . . 

... Certification authorities (34,46,58 
...Title Terms: VERIFICATION ; 
WPI Acc No: 2004-675357/200466

Related WPI Acc No: 2004-354636

XRPX Acc No: N04-535163

Data server information services integrating computer program product, 
has instructions to deliver information from real-time information
source with higher priority than sub-portion of non-real-time information 

Patent Assignee: DIGITAL INTEGRATOR INC (DIGI-N) 

Inventor: GISSEL P V; HAHN C P 

Number of Countries: 001 Number of Patents: 001 
Patent Family: 

Patent No Kind Date Applicat No Kind Date Week 

US 20040177156 A1 20040909 US 2000702989 A 20001101 200466 B

US 2004801572 A 20040317 

Priority Applications (No Type Date) : US 2000702989 A 20001101; US 

2004801572 A 20040317 
Patent Details: 

Patent No Kind Lan Pg Main IPC Filing Notes 

US 20040177156 A1 12 G06F-015/16 Cont of application US 2000702989

Cont of patent US 6725446 
Data server information services integrating computer program product, 
has instructions to deliver information from real-time information
source with higher priority than sub-portion of non-real-time information 

Abstract (Basic) : 

The product has a computer program code mechanism embedded 
in a computer storage medium . The mechanism has instructions to 
receive information from real-time information sources, and to receive 
a sub. . . 

International Patent Class (Main): G06F-015/16
International Patent Class (Additional) : G06F-015/173 
Manual Codes (EPI/S-X) : T01-N01A2 . . . 

. . . T01-N02B1A . . . 

. . . T01-S01B . . . 



T01-S03 
WPI Acc No: 2003-247742/200324

XRPX Acc No: N03-196949 

Security key exchange system for streaming protected media content on 
DVD, communicates one or more keys from DVD of server device to key 
exchange client, to allow decoder to decrypt content received from DVD 

Patent Assignee: CHAN S J (CHAN-I); MAYMUDES D M (MAYM-I)

Inventor: CHAN S J ; MAYMUDES D M 

Number of Countries: 001 Number of Patents: 001 

Patent Family: 

Patent No Kind Date Applicat No Kind Date Week 

US 20030009668 A1 20030109 US 2001882810 A 20010614 200324 B

Priority Applications (No Type Date) : US 2001882810 A 20010614 
Patent Details: 

Patent No Kind Lan Pg Main IPC Filing Notes 
US 20030009668 A1 17 H04L-009/00

Inventor : CHAN S J . . . 
WPI Acc No: 2003-439779/200341

Related WPI Acc No: 2003-074611; 2003-327733 

XRPX ACC No: N03-350968 

Computer-readable medium stores data structure with packets having
reference count field which is examined to detect whether reference field 
of packet includes reference to location of specific variable-size data 
object 

Patent Assignee: MICROSOFT CORP (MICT ) 
Inventor: CHAN S ; SHUM H 

Number of Countries: 001 Number of Patents: 001 
Patent Family: 

Patent No Kind Date Applicat No Kind Date Week 

US 20030055833 A1 20030320 US 99471678 A 19991223 200341 B

US 99471932 A 19991223 

US 2002285138 A 20021030 

Priority Applications (No Type Date): US 99471678 A 19991223; US 99471932 A 

19991223; US 2002285138 A 20021030 
Patent Details: 

Patent No Kind Lan Pg Main IPC Filing Notes 

US 20030055833 A1 45 G06F-007/00 Cont of application US 99471678

Div ex application US 99471932 
Cont of patent US 6476805 
Div ex patent US 6502097 

Inventor : CHAN S . . . 

Abstract (Basic) : 

4) storage medium with data structure filling program; and 



...5) storage medium with variable-size data object accessing program 

International Patent Class (Main) : G06F-007/00 
Manual Codes (EPI/S-X) : T01-N01D1 . . . 

. . . T01-N02A . . . 

. . . T01-S03 . . . 

. . . W02-K03 . . . 

. . . W04-F01F . . . 



W04-G01F 
Interdependent validation method for protecting digital data content in
digital rights management system, involves using private key that 
validates digital signatures of digital content package and license 

Abstract (Basic) : 

private key is derived from a source node of a client device, in 
order to validate the digital signature obtained from digital 
content package. A private key is derived from the previous private 
key in order to validate another digital signature obtained from 
the license. 

For enforcing independent validation of digital contents in 
digital rights management system using tangible devices like magnetic 
tape , floppy disk , and optical disk and intangible media like 
electronic bulletin board, electronic network and internet . 



.Provides validation of digital content package having a portion of 
digital content in encrypted form with corresponding 
Abstract (Basic) :

packets is simultaneously performed between single electronic 
source device and two electronic sink devices using authentication 
and key exchange protocols. A table is created for recording 
information related to the communication state. The... 

device such as personal computer, digital television, digital 
video cassette recorder, digital set top box, DVD drive, digital 
audio/video receiver and digital camera, through network . 

...are properly processed by the source device, the multiple audio/video 

data packets are simultaneously transmitted from single source device 
to multiple sink devices using various authentication and key 
exchange protocols, thereby maximizing bandwidth of communication 
network. . . 

...the flowchart illustrating communication method of digital electronic 

source device and multiple sink devices using authentication and key 
exchange protocols 
On-line encrypted media files auditing method involves authenticating
user by measuring key stroke dynamics of information entry made by user 
and according to selected encrypted media file. . . 

Abstract (Basic) : 

... A biometric profile of an authenticated user created by 

measuring keystroke dynamics of information entry including password, 
user name, address made... 

...is compared with the prestored measured biometric profile. A selected 
encrypted media file from a storage medium is streamed over a 
network and decrypted to an auditing device, if the individual is 
verified as the authenticated user. 

... 3) computer program product comprises storage medium for 

storing on-line encrypted media files auditing program. . . 

. . .For allowing authorized user to audit encrypted media files through 
network. . . 

. . .As the encrypted media files are downloaded to the authorized user 
only after comparing the measured key stroke dynamics with the 
prestored measured value, a secure and user-friendly system for 
accessing and downloading on-line media is provided. . . 



58/3, K/27 (Item 27 from file: 350) 

DIALOG (R) File 350:Derwent WPIX 
(c) 2006 Thomson Derwent. All rts. reserv.

014036998 **Image available** 

WPI Acc No: 2001-521211/200157 

XRPX ACC No: N01-386131 

System for obtaining digital information via a communication network 
such as the Internet using a server with a list of computer games and a 
server including a storage device 

Patent Assignee: MEDIA STATION INC (MEDI-N) 

Inventor: FLURRY H S; STINSON J L 

Number of Countries: 094 Number of Patents: 002 

Patent Family: 

Patent No Kind Date Applicat No Kind Date Week 

WO 200101240 A2 20010104 WO 2000US17359 A 20000623 200157 B
AU 200057629 A 20010131 AU 200057629 A 20000623 200157 

Priority Applications (No Type Date) : US 99347584 A 19990630 
Patent Details: 

Patent No Kind Lan Pg Main IPC Filing Notes 

WO 200101240 A2 E 22 G06F-009/00 

Designated States (National) : AE AG AL AM AT AU AZ BA BB BG BR 
CH CN CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL 
KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO
RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW 
Designated States (Regional) : AT BE CH CY DE DK EA ES FI FR GB 
IE IT KE LS LU MC MW MZ NL OA PT SD SE SL SZ TZ UG ZW 

AU 200057629 A G06F-009/00 Based on patent WO 200101240 

System for obtaining digital information via a communication network 
such as the Internet using a server with a. . . 

Abstract (Basic) : 

present a client machine (120) with a selection of titles via 
the Internet (150) . A server table (116) provides a list of various 
scenes on which CD-ROM images are stored and a user can play a game
title using web pages (117) after obtaining authorization and a CD 

key file (119) . A web browser (121) provides a user interface and 
obtains the CD key file (122) for selecting an image of a computer 
game at the server and. . . 

Obtaining digital information from CD formatted data via a 
communication network . 



. CD key files (119,122 
.Title Terms: OBTAIN ; 
AU 9877971 A G06F-015/20 Based on patent WO 9946691

JP 2002507025 W 55 G06F-015/00 Based on patent WO 9946691 

Abstract (Basic) : 

... of individualized and class specific access key code and 

optional individual encryption key generated by key generation 
algorithms. Each authorized user is provided with storage media 
containing the user's individual or class specific access key code. 

The host computer is provided with a program for comparing 
transmitted individual and class specific access key codes and 
stored authorized access key codes, and for permitting correct
matches to have access to the server transaction program. The... 

...permitting connection to the host computer through a communication 

network or telephone network, and for transmitting individualized and
class specific access key codes through the remote computer terminal to 
the host . . . 

...access to host computer. Erases transactions of the connection if proper 
exit code is not received, thus aborting a hijacked connection.
Thwarts trespassing attacks on the security system, and allows 
trespassers . . . 

...to be identified. Enables passwords of hundreds of characters to be 
readily employed by using CD-ROM disk key. . .

...The figure shows a schematic diagram illustrating various steps required 
to practice the network communications security system, and the 
hardware and software of one CD-ROM.
and secret key used in authentication operation of public key
Portable data recording medium authentication method for commercial
transaction...

. . .by obtaining digital signature that includes open key and secret 
key used in authentication operation of public key cryptic system, 
from portable data recording medium 

. . .Abstract (Basic) : The method entails obtaining a digital signature 
from a portable data recording medium (10) such as an integrated 
circuit . . . 

...includes an open key (2) and a secret key (1) which are used in an 
authentication operation of a public key cryptic system. . . 

. . . ADVANTAGE - Safely manages key used in authenticating digital 

signature since unauthorised usage and alterations are prevented. Keeps 
key in portable data recording medium thereby eliminating need to store 
key in magnetic disk of network terminal... 

...Title Terms: OBTAIN ; 
INFORMATION PROCESSOR, NETWORK SYSTEM, METHOD FOR MANAGING CUSTOMER AND
STORAGE MEDIUM 

ABSTRACT 

... adds specified information (information of privilege, etc.), concerning 
the service of the store to an authenticating key for permitting the 
utilization of the service to a user 103 (X) and transmits it to a server 
101. The server 101 permits the utilization of the service of the store 
based on the authenticating key to the user when the authenticating 

key issued by the store terminal equipment 102 (X) is inputted from the 
user 103 (X. . . 
METHOD AND SYSTEM FOR AUTHENTICATING USER

ABSTRACT 

PROBLEM TO BE SOLVED: To provide a method and a system for authenticating 
user with which sure security can be kept while using an inexpensive 
storage medium (such as a floppy disk), in place of a cript card.

SOLUTION: In the system composed of a controller and... 

. . . controller, on the side of the operating part, a means is provided for 
reading the storage medium , in which a specified parameter is stored, 
and generating a user certification code from this parameter and a 
parameter applied from the controller while using a specified function. On 
the other hand, on the side of the controller, an authentication manager 
11 is provided for generating a specified code based on the parameter sent 
from the storage medium while using the specified function, and an 

authentication Web server 12 is provided for downloading an applet 
for authentication to an accessing browser, certifying a CRL with key 

sent from the operating part, acquiring a relevant page from a linked 
Web server 1 and displaying it on a display. . . 
Detailed Description

Detailed Description 

within encrypted information that is burned into 
the disc. Authentication keys are buried using various authentication 
processes, which verify that the platform device - whether a
computer, CD player, DVD player, or the like - is a licensed device and,
consequently, obeys certain copyright rules. Eventually... 
Fulltext Availability:
Claims

Claim
said medium carrying computer instructions which, when executed by said
(a) receive an electronic transaction document, said. . .



23/3, K/54 (Item 14 from file: 349) 

DIALOG (R) File 349:PCT FULLTEXT 

(c) 2006 WIPO/Univentio. All rts. reserv. 

00743135 

INTERNET, INTRANET AND OTHER NETWORK COMMUNICATION SECURITY SYSTEMS 

UTILIZING ENTRANCE AND EXIT KEYS 
INTERNET, INTRANET ET AUTRES SYSTEMES DE SECURITE POUR COMMUNICATION EN
RESEAU UTILISANT DES CLES D'ENTREE ET DE SORTIE

Patent Applicant/Assignee:

NEWTON Farrell, 8 Brighton 10th Path, Brooklyn, NY 11235, US, US
(Residence), US (Nationality)
Patent Applicant/Inventor:

WILLIAMS Gareth, 8 Brighton 10th Path, Brooklyn, NY 11235, US, US 

(Residence) , US (Nationality) 
MOORE Charles E II, 35-11 85th Street, Jackson Hts, NY 11372, US, US 

(Residence) , US (Nationality) 
NICHOLS Christopher M, 80 Varick Street, New York, NY 10013, US, US 
(Residence) , US (Nationality) 
Legal Representative: 

SCHWEITZER Fritz L III, Schweitzer Cornman Gross & Bondell LLP, 230 Park 
Avenue, New York, NY 10163, US 
Patent and Priority Information (Country, Number, Date) : 

Patent: WO 200056009 A1 20000921 (WO 0056009)

Application: WO 2000US7174 20000317 (PCT/WO US0007174) 

Priority Application: US 99270874 19990317 
Designated States: 

(Protection type is "patent" unless otherwise stated - for applications 
prior to 2004) 

AE AL AM AT AU AZ BA BB BG BR BY CA CH CN CU CZ DE DK EE ES FI GB GD GE 
GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MD MG MK 
MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT UA UG UZ VN YU 
ZA ZW 

(EP) AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE 

(OA) BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG 

(AP) GH GM KE LS MW SD SL SZ TZ UG ZW 

(EA) AM AZ BY KG KZ MD RU TJ TM 
Publication Language: English 
Filing Language: English 
Fulltext Word Count: 27898 

Fulltext Availability: 
Detailed Description 

Detailed Description 
... we 

further contemplate using such means to provide different 
access or use privileges to a user's portable electronic

device or portable storage medium for different entities or 
programs or different authorized individuals. Note that this 
includes providing access to different services or functions, 
both in the. . . 



23/3, K/53 (Item 13 from file: 349) 

DIALOG (R) File 349:PCT FULLTEXT 
(c) 2006 WIPO/Univentio. All rts. reserv. 

00743923 **Image available** 

METHOD FOR SECURE POINT TO POINT COMMUNICATIONS 
PROCEDE POUR COMMUNICATIONS POINT A POINT SECURISEES 

Patent Applicant/Inventor:

PHILLIPS Geoff J, 3565 Caminito Carmel Landing, San Diego, CA 92130, US, 
US (Residence) , US (Nationality) 
Legal Representative: 

GILLIAM Frank D, 4565 Ruffner St., Ste. 200, San Diego, CA 92111, US
Patent and Priority Information (Country, Number, Date) : 

Patent: WO 200057292 A1 20000928 (WO 0057292)

Application: WO 2000US7658 20000323 (PCT/WO US0007658) 

Priority Application: US 99276475 19990325 
Designated States : 

(Protection type is "patent" unless otherwise stated - for applications 
prior to 2004) 

AE AG AL AM AT AU AZ BA BB BG BR BY CA CH CN CR CU CZ DE DK DM DZ EE ES 
FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU 
LV MA MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT 
TZ UA UG UZ VN YU ZA ZW 

(EP) AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE 

(OA) BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG 

(AP) GH GM KE LS MW SD SL SZ TZ UG ZW 

(EA) AM AZ BY KG KZ MD RU TJ TM 
Publication Language: English 
Filing Language: English 
Fulltext Word Count: 2654 

Fulltext Availability: 
Detailed Description 

Detailed Description 
other 

convenient storage medium can be used. The software 

requirements of the storage medium are certification , to 

"clone" (copy) data to the diskette from the hard drive for the 

guest user personal remote use and, "spawn" (duplicate) to

other diskettes from the hard drive or diskette... 



23/3,K/52 (Item 12 from file: 349) 

DIALOG (R) File 349:PCT FULLTEXT 
(c) 2006 WIPO/Univentio. All rts. reserv.

00749091 **Image available** 

METHOD OF AND APPARATUS FOR PROVIDING SECURE COMMUNICATION OF DIGITAL DATA 
BETWEEN DEVICES 

SECURISATION DES ECHANGES DE DONNEES NUMERIQUES ENTRE DISPOSITIFS ET
APPAREIL A CET EFFET

Patent Applicant/Assignee:

CANAL+ SOCIETE ANONYME, 85/89, quai Andre Citroen, F-75711 Paris Cedex 15,
FR, FR (Residence), FR (Nationality), (For all designated states
except: US)
Patent Applicant/ Inventor : 

MAILLARD Michel, 42, avenue du Marechal Leclerc, F-28130 Maintenon, FR, 

FR (Residence), FR (Nationality), (Designated only for: US) 
DAUVOIS Jean-Luc, 19, rue Eugene Manuel, F-75116 Paris, FR, FR 

(Residence), FR (Nationality), (Designated only for: US) 
DUBLANCHET Frederic, Canal+ Technologies Societe Anonyme, 34, place Raoul 

Dautry, F-75516 Paris Cedex 15, FR, FR (Residence) , FR (Nationality) , 

(Designated only for: US) 
LEPORINI David, Canal+ Technologies Societe Anonyme, 34, place Raoul 

Dautry, F-75516 Paris Cedex 15, FR, FR (Residence) , FR (Nationality) , 

(Designated only for: US) 
Legal Representative: 

COZENS Paul Dennis, Mathys & Squire, 100 Gray's Inn Road, London WC1X 8AL,
GB

Patent and Priority Information (Country, Number, Date) : 

Patent: WO 200062540 A1 20001019 (WO 0062540)

Application: WO 2000IB432 20000331 (PCT/WO IB0000432) 

Priority Application: EP 99400901 19990413 

Designated States: 

(Protection type is "patent" unless otherwise stated - for applications 
prior to 2004) 

AE AG AL AM AT AU AZ BA BB BG BR BY CA CH CN CR CU CZ DE DK DM DZ EE ES 
FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU 
LV MA MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT 
TZ UA UG US UZ VN YU ZA ZW 

(EP) AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE 

(OA) BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG 

(AP) GH GM KE LS MW SD SL SZ TZ UG ZW 

(EA) AM AZ BY KG KZ MD RU TJ TM 
Publication Language: English 
Filing Language: English 
Fulltext Word Count: 12524 

Fulltext Availability: 
Detailed Description 

Detailed Description 

. . . validation procedure can be initiated at any time, for example, upon 
switching the device on, disc insertion, zapping of the device by the 
user , establishment of connection with the security module etc. 

The validation procedure is initiated by the security module. As shown 
at 100, the security module 64... 



23/3, K/47 (Item 7 from file: 349) 

DIALOG (R) File 349:PCT FULLTEXT 
(c) 2006 WIPO/Univentio. All rts. reserv.



00855226 **Image available** 

SECURITY DEVICE AND ARTICLE INCORPORATING SAME 

DISPOSITIF DE SECURITE ET ARTICLE COMPRENANT UN TEL DISPOSITIF

Patent Applicant/Assignee: 

3LFANTS LIMITED, 19 Abbots Close, Knowle, Solihull, West Midlands B93 9PP 
, GB, GB (Residence) , GB (Nationality) , (For all designated states 
except: US) 
Patent Applicant/Inventor:

CONSTANTINOU Andreas Sotiriou, 19 Abbots Close, Knowle, Solihull, West 
Midlands B93 9PP, GB, GB (Residence) , GB (Nationality) , (Designated 
only for: US) 

SOTIRIOU Marios Panikos, 2 High Trees Road, Knowle, Solihull, West 
Midlands B93 9PR, GB, GB (Residence) , GB (Nationality) , (Designated 
only for: US) 

DAVIES Guy, 52 Clopton Road, Stratford-Upon-Avon, Warwickshire CV37 6SN,
GB, GB (Residence), GB (Nationality), (Designated only for: US) 

Legal Representative: 

MOSEY Stephen George (et al) (agent) , Marks & Clerk, Alpha Tower, Suffolk 
Street, Queensway, Birmingham B1 1TT, GB,

Patent and Priority Information (Country, Number, Date) : 

Patent: WO 200188921 A1 20011122 (WO 0188921)

Application: WO 2001GB2261 20010518 (PCT/WO GB0102261) 

Priority Application: GB 200011904 20000518; GB 200024859 20001011 

Designated States : 

(Protection type is "patent" unless otherwise stated - for applications 
prior to 2004) 

AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ 
EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR 
LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL 
TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW 

(EP) AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR 

(OA) BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG 

(AP) GH GM KE LS MW MZ SD SL SZ TZ UG ZW 

(EA) AM AZ BY KG KZ MD RU TJ TM 
Publication Language: English 
Filing Language: English 
Fulltext Word Count: 5722 



English Abstract 

A compact disc (10) for a computer incorporates a security device 
for preventing non- authorised reading of data carried by the disc. The 
security device includes an LCD laser blocker. . . 



23/3, K/29 (Item 29 from file: 348) 

DIALOG (R) File 348:EUROPEAN PATENTS 
(c) 2006 European Patent Office. All rts. reserv. 

00860521 

Device and method for authenticating user's access rights to resources
according to the Challenge-Response principle
Vorrichtung und Verfahren zur Authentifizierung von Zugangsrechten eines
Benutzers zu Betriebsmitteln nach dem Challenge-Response-Prinzip
Dispositif et procede d'authentification de droits d'acces d'un utilisateur
a des ressources selon le principe Challenge-Response
PATENT ASSIGNEE: 

FUJI XEROX CO., LTD., (450442), 17-22, Akasaka 2-chome, Minato-ku, Tokyo, 
(JP) , (Proprietor designated states: all) 
INVENTOR : 

Shin, Kil-ho, c/o Fuji Xerox Co., Ltd., 430 Sakai, Nakai-machi, 

Ashigarakami-gun, Kanagawa, (JP) 
Kobayashi, Kenichi, c/o Fuji Xerox Co., Ltd., 430 Sakai, Nakai-machi, 

Ashigarakami-gun, Kanagawa, (JP) 
Aratani, Toru, c/o Fuji Xerox Co., Ltd., 430 Sakai, Nakai-machi, 
Ashigarakami-gun, Kanagawa, (JP) 
LEGAL REPRESENTATIVE: 

Hoffmann, Eckart, Dipl.-Ing. (5571), Patentanwalt, Bahnhofstrasse 103,
82166 Grafelfing, (DE) 
PATENT (CC, No, Kind, Date) : EP 792044 A2 970827 (Basic) 

EP 792044 A3 980527 
EP 792044 B1 010502
APPLICATION (CC, No, Date) : EP 97102779 970220; 
PRIORITY (CC, No, Date) : JP 9662076 960223; JP 97418 970106 
DESIGNATED STATES: DE; FR; GB 

INTERNATIONAL PATENT CLASS (V7) : H04L-009/32; G06F-001/00 

ABSTRACT WORD COUNT: 157 

NOTE: 

Figure number on first page: 3 

LANGUAGE (Publication, Procedural, Application): English; English; English
FULLTEXT AVAILABILITY: 



Available Text   Language    Update     Word Count
CLAIMS A         (English)   199708W4         5228
CLAIMS B         (English)   200118           4877
CLAIMS B         (German)    200118           4269
CLAIMS B         (French)    200118           5603
SPEC A           (English)   199708W4        12074
SPEC B           (English)   200118          11928
Total word count - document A                17305
Total word count - document B                26677
Total word count - documents A + B           43982



...CLAIMS power of challenging data C stored in the first memory means 111
modulo n (R = C^D mod n).
of claim 20, wherein
24. The device for authenticating user's access rights to resources
of claim 23, wherein
...power of challenging data C stored in the first memory means 411 modulo
p (R = C^D mod p).
29. The device for authenticating user's access rights to resources
of claim 28, wherein
the response generation means 416 further...

...CLAIMS challenging data C stored in the first memory means (111) modulo
n, i.e. R = C^D mod n.
21. The device for authenticating user's access rights to resources
of claim 20, wherein

the response generation means (116) further...challenging data C
stored in the first memory means (111) modulo n, i.e. R = C^D mod n.

24. The device for authenticating user's access rights to resources
of claim 23, wherein

the response generation means (116) further...

...challenging data C stored in the first memory means (411) modulo p, i.e.
R = C^D mod p.

29. The device for authenticating user's access rights to resources
of claim 28, wherein

the response generation means (416) further...
SPECIFICATION

BACKGROUND OF THE INVENTION

The present invention generally relates to authentication
apparatuses, user authentication methods, user authentication
cards and storage mediums, and more particularly to an
authentication apparatus, a user authentication method for an
authentication apparatus, a user authentication card, and a
storage medium storing a program for user authentication.

Conventionally, the security function provided in a personal computer
(PC) generally carries out the authentication...

...it is a general object of the present invention to provide a novel and
useful authentication apparatus, user authentication method,
user authentication card and storage medium, in which the problems
described above are eliminated.

Another and more specific object of the...
...SPECIFICATION validation procedure can be initiated at any time, for
example, upon switching the device on, disc insertion, zapping of the
device by the user, establishment of connection with the security
module etc.

The validation procedure is initiated by the security module. As 
shown at 100, the security module 64... 
...CLAIMS a constrained module after said retaining, until all
pre-verification constraints are read.
5. A verification apparatus for verifying a module during linking,
the apparatus comprising:
a computer readable storage medium for storing a module of a
computer program;
a memory into which a module is...

...CLAIMS constraints are read, whereby the first module is verified.
17. A pre-verification apparatus for verifying a module
one-module-at-a-time, the apparatus comprising:
a computer readable storage medium for storing a module of a
computer program and a constraint;
a processor configured to...

...an error message if the instruction fails to satisfy any intra-module
check.

20. A verification apparatus for verifying a module during linking,
the apparatus comprising:
a computer readable storage medium for storing a module of a
computer program;
a memory into which a module is...

...CLAIMS the referenced module, if the information is required.
18. A dynamic linking apparatus for trusted verification of a module
during dynamic linking, the apparatus comprising:
a computer readable storage medium for storing a module of a
computer program;
a memory into which a module is...
...SPECIFICATION and thus a recording and reproducing apparatus, a
recording and reproducing method and a program storage medium capable
of markedly improving versatility of data storage apparatuses can be
implemented.

In addition, the ... apparatus, and thus a data storage apparatus, a
data management and migration method and a program storage medium that
allow contents data recorded on a data storage apparatus to be easily
utilized by...

...regulating apparatus.

Thus, an information receiving apparatus, a data utilization method
and a program storage medium capable of, by having an information
regulating apparatus determine in advance whether received contents data

...showing the received contents data by an information receiving
apparatus, and prohibiting utilization, that is, verifying a signature
on utilization permission data to determine whether the utilization
permission data is illegal... in the case where a home server charges.

Figure 90 is a flowchart showing a proxy purchasing procedure in the 
case where equipment outside the group charges. 

Figure 91 is a. . .but no specific hardware limitation is necessary. 

(For example, the memory may be a hard disk existing in a room to which 
entry is managed, a hard disk of a personal computer that is managed by 
a password, or the like.) In addition... 

...a memory 40B only stores the individual key Ki that is encrypted by
the delivery key Kd and the public key certificate of the content
provider 2, the memory may be any ordinary storage device or the...

...40A and 40B may be united.

The signature, which is attached to data or a certificate to be 
described later, is data for checking tamper and authenticating a person 
preparing the... be kept secret is called a secret key. 

The elliptic curve encryption method that is representative of the
public key encryption method will be described. In Figure 12, in step
S20, Mx and My are ... watermark technology to output to other
apparatuses or a speaker (not shown), and reproduces music.

Key data required for the mutual authentication with the 
encryption processing section 65 is stored in the storage module 106. 
Further, the . . . 

...the save key Ksave. The mass storage section 68 records the secure
container, the public key certificate, the registration information
or the like supplied from the service provider 3.
The fixed apparatus...

...from the service provider 3 in an inserted recording medium 80 such as
an optical disk and a semiconductor memory and reproducing the
recording media is composed of a communication section...

...as the mass storage section 68, contents themselves are not stored and
only the public key certificate, the registration information or the
like are stored. The record reproduction section 76 has the recording
medium 80 such as an optical disk and a semiconductor memory inserted
therein, records contents in the recording medium 80 and output... 67, its
description is omitted. The recording medium 80 is, for example, an MD
(Mini Disk: trademark) or a storage medium exclusively used for
electronic distribution (Memory Stick using a semiconductor...

...the public key of the electronic distribution service center 1 to be
used when mutually authenticating with the electronic distribution
service center 1 (unnecessary if there is the public key certificate...
...the electronic distribution service center 1), the public key of the
authentication station 22 for verifying the public key certificate,
and the common key to be used when mutually authenticating with the
extension section 66 are stored in the storage module 92 in the
encryption...

...the storage module 92. The individual ID for specifying the extension
section and the common key to be used when mutually authenticating
with the encryption processing section 65 are stored in the storage
module 106 in the...



...one, IDs of each section may be held by respective storage modules 

(since the mutual authentication is performed by the common key , as a 
result, communication can only be made between the corresponding 
encryption processing section and the extension section associated with 
each other. However, processing may be the mutual authentication of the 
public key encryption method. In this case, a stored key is not the 
common key, but the. . . 

...utilizing the content key Kco are stored in the external memory 67. In
addition, the certificate (the public key certificate of an apparatus)
of the public key corresponding to the secret...

...all the procedures with the electronic distribution service center 1 on 
its behalf) , the public key of the authentication station 22 for 
verifying the public key certificate , and the common key to be 
used when mutually authenticating with the extension section 84 are 
stored. These data are data that are stored in... secure container, the 
public key certificate of the content provider 2, and the public key 
certificate of the service provider 3 (whose details will be described 
later) are transmitted to the... 

...addition, the service provider 3 transmits the price information and its 
signature, and the public key certificate of the service provider 3 
to the electronic distribution service center 1, if necessary. 

After verifying the received secure containers, the user home 
network 5 performs the purchase processing based on... 

...the save key Ksave, and stores the license conditions information and
the re-encrypted content key Kco in the external memory 67. Then, the
user home network 5 decodes the content ... hash value generated by
applying a hash function to a version number of the public key
certificate, a serial number of the public key certificate to be
allocated to the content provider 2 by the authentication station, an
algorithm and a parameter used for the signature, a name of the
authentication station, an effective period of the public key
certificate, a name of the content provider 2, the public key Kpcp of
the content provider...

...encrypted by the delivery key Kd.

Figure 28 illustrates yet another example of the public key
certificate of the content provider 2. The public key certificate 2B of
the content provider 2...

...the signature, a name of the authentication station, an effective period
of the public key certificate, a name of the content provider 2, the
public key Kpcp of the content provider ... rules, the rules stored in
the position indicated by the address information, the public key 
certificate and signatures. 

The rule is composed of a rule number given as a serial number. . . 

...the rules, the rules stored in the position indicated by the address 
information, the public key certificate and signatures. 

Further, similar to the rule of the handling policy of the single 
content ... signature is affixed to the entirety ranging from a type of 
data to a public key certificate excluding the signature from a 
handling policy. An algorithm and a parameter used in preparing the 
signature and a key to be used for verification of the signature are 
included in the public key certificate . In addition, in rules, a 
utilization right content number is a number added for each. . . 
authenticates with the mutual authentication section 39 of the content
provider 2. Since the mutual authentication processing was described in
Figure 52, its details are omitted. When it is confirmed that...

...management section 18 of the electronic distribution service center 1.
In step S60, the home server 51 mutually authenticates a public key
certificate stored in the mass storage section 68 with the mutual
authentication section 17 of the electronic distribution service center
1 in the mutual authentication module 95 of the encryption processing
section 65. Since this authentication processing is similar to that
described with reference to Figure 52, description is omitted here. A 
certificate that the home server 51 transmits to the user management 
section 18 of the electronic distribution service center 1 in step S60 
includes data (a public key certificate of a user apparatus) shown in 
Figure 32. 

In step S61, the home server decides whether or not a registration 
of an individual's settlement information (such as a...and the signature
verification of the individual key Ki (step S455) as well as the
substitute processing of the content key Kco that have already been
performed in the purchase processing described with reference to Figure
... processing devices, from PDAs to video game boards. The client program
is transferred to the client device 109 via install disks,
downloading, or any other mechanism known in the art for code transfer
and installation. Further ... for distribution of both the client program
and server tables (and possibly parts of the server program) to the
client site on CD, DVD or other computer readable media, for example.
The security of the transformation relies on ensuring that an
unauthorized user never obtains access to the server tables. One can
achieve this goal by keeping the tables encrypted where the encryption
key is known only to authorized servers. The vendor splits the
original program into a process and server with an encrypted set of
server tables, where the encryption key is known only to the vendor.
In order to execute the client, it sends the encrypted tables to a
server, where they are decrypted and used by the server until such time
as the client...
playback hardware device such as a compact disk player or an MP3
player. If the hardware or computer associated with the removable
storage medium 38 has content player software or firmware, the content
60 is decrypted and played as... 4168. Data encryption occurs via a
16-round Feistel network. Each round consists of a key-dependent
permutation and a data-dependent substitution. All operations are XORs
(i.e., exclusive or) and additions on 32-bit...
content player uses the device type bits to determine from what device
and thus data storage medium 38 to query for the unique ID code
incorporated in the Blowfish encryption key in order to unlock the
Blowfish-encrypted authentication string and
XOR file key stored in the authentication descriptor 304. The
download server software 312 sets these bits prior to downloading
content 60, in this instance music, to...



. . .typically used. 

0 = removable type (e.g. Iomega removable type)
1 = hard drive type
2 = CD type
3 = other type (e.g. flash memory, etc...

The file type field contains an ... encrypted using the random, 8-byte
(64-bit) XOR file key selected by the download server software 312. The
XOR file key is also encrypted, using the Blowfish algorithm with the
encryption key being the unique ID code of the data storage medium
38. Once the XOR file key is encrypted, the download server software
312 embeds the XOR key in the authentication descriptor for the
content player such as the client computer 20, the dedicated playback
hardware...
Detailed Description

data stored on a storage medium.

An engine for reading the data stored on the storage medium is
connected to a host device. A user of the storage medium selects
a portion of the data on the storage...places a new storage medium in
data storage engine 14, or if the user powers up host device 12
with a storage medium (e.g. an optical disk) in data storage engine
14. In stage 205, the host device reads the content information block
from storage medium 10 and displays the content information block to
the user. In stage 210, host...

...the user's selection of data to enable. Host device 12 then connects to 
content key server 17 or a distributor authorization server and 
satisfies the requirements of the distributor for the selected data in 
stage 210 . Host . . . 

...both handled by a single server, content key server 17. Thus, there is 
no separate vendor authorization server. Content key server 17 
includes application programs 17A, data access server 17B, and web server 
17C. Application...be unlocked. The content selected by the user may be
all the data stored on storage medium 10, or only a portion of the
data stored on storage medium 10. The message authorization code
(MAC) 32 is an encrypted hash of the entire packet that verifies content
key server 17 that the packet has not been altered in transit.
Session ID 33 is generated by content key server 17 and sent to data
storage engine 14 when the user requests pricing information in...

...indicates whether data storage engine 14 was able to successfully store
the content key on storage medium 10. If pass/fail indicator 41
indicates that data storage engine 14 was...

...store the content key, the transaction required by the distributor 
between the user and content key server 17 or the distributor 
authorization server is canceled. Packet ID 39 is generated by data 
storage engine 14 . 

In one embodiment, the server certificate, random challenge, and
public/private key used to encrypt the three information packets, pairs
are generated using a toolkit called "Security ... 464, the decrypted
packet is separated into the packet formed in stage 430 and the server
signature formed in stage 432. In stage 466, the packet formed in stage
430 is separated into the random challenge, the server certificate, the
encrypted server t-DES key set, and the data packet formed in stage
424. In stage 468, the server certificate is verified using the
manufacturer's public key, part of the public/private manufacturer key
pair, which is given to the engine during...

...digital signature on the packet formed in stage 430 and signed in stage
432 is verified using the server public key, part of the
public/private server key pair, which is contained within the server
certificate.

In stage 472, the server t-DES key set formed in stage 426 is decrypted 
using the private engine key. . . 

...during manufacture. In stage 474, the packet formed in stage 424 is 

decrypted using the server t-DES key set. The decrypted information can 
then be separated and the content keys . . . 

...each file enabled by the user retrieved. The content keys are then
written to the storage medium by the data storage engine. The keys
may be encrypted using a secret key stored...

...each licensed server | The message digest for the signature is created through the SHA-1 hash function.
Verify | Engine | ecdsa-Verify | Public Key, Signed Message Digest | This function verifies that a signature is authentic.
Encrypt | Server | sb-desEncrypt | TDES-CBC... | Used...
...Initial Vector, Data | ...TDES-CBC encryption.
Decrypt | Server | sb-desDecrypt | TDES-CBC mode, Keys, Initial Vector, Data | Used by the server to decrypt the data using TDES-CBC mode.
Decrypt | Engine...
...ASIC | mode, Keys, Initial Vector, Data | ...a hardware ASIC to perform TDES-CBC decryption.
Wrap | Server | sb...ecesWrap | Public Key, Data | Encrypts data using a 326-bit ECC public key...
...private key.
CreateMac | Engine | Hardware ASIC | Data, Key | Creates the MAC used as hash and authentication for the engine.
CreateMac | Server | sb-desEncrypt | Data, Key | Creates the MAC used to verify the MAC created by the engine.

Various modifications and adaptations of the embodiments and 
implementations . . . 

. . .of data required to read the data or make sense of the data stored on 
storage medium 10. Specifically, in some embodiments, the data stored 
on the storage medium is not encrypted. . . 
Detailed Description

... contains a public key PKp, user-specific information, and credentials
associated with pseudonym P. The proxy server S2 uses the public key
PKp to check that the signed version S (R, SK ) of
request message R is... A summary of such relevance feedback information,
digitally signed by client processor C3 with a proprietary private key
SKC3, is periodically transmitted through a secure mix path to the
proxy server S2...by the user establishing a pseudonymous data
communications connection as described above to a proxy server S2i
which provides front-end access to the data communication network N. The
proxy server S2 maintains a list of authorized pseudonyms and their
corresponding public keys and provides access and billing control. The
user has a search profile set stored in the local data storage medium
on the proxy server S2. When the user requests access to "news" at step
1102, the profile matching module 203 resident on proxy server S2
sequentially considers each search profile Pk from the user's search
profile set to...
S1    1239329  STORAGE () (MEDIA? ? OR MEDIUM? ?) OR DVD OR DISK? OR DISC? ?
               OR CD OR CD () ROM OR TAPE? ? OR (DAT OR DIGITAL () ANALOG OR CA-
               SSETTE) ()TAPE? ?
S2       2549  ((COMPUTER? OR CLIENT??? OR HANDHELD? OR USER? ? OR PDA OR
               PALM () PILOT? OR HANDSET? ? OR DESKTOP?? OR LAPTOP??) (3N) (DEVI-
               CE? OR INSTRUMENT? OR MECHANISM? OR MACHINE? ? OR UNIT? OR AP-
               PARAT? OR HARDWARE? OR (HARD OR CD OR DVD) ()DRIVE?)) (10N) S1
S3         10  (CERTIFICAT? OR CERTIF? OR AUTHENTICAT? OR VALIDAT? OR AUT-
               HORIZ? OR AUTHORIS? OR APPROV? OR VERIF?) (10N)S2
S4     936563  KEY???
S5      10373  (CERTIFICAT? OR CERTIF? OR AUTHENTICAT? OR VALIDAT? OR AUT-
               HORIZ? OR AUTHORIS? OR APPROV? OR VERIF?) (5N)S4
S6        715  (RETRIEV? OR RECEIV??? OR ACCEPT? OR ACQUIR? OR OBTAIN? OR
               DOWNLOAD? OR RECIPIEN??? OR FETCH??? OR TRANSFER? OR PASS??? -
               OR DELIVER??? OR SEND??? OR UPLOAD??? OR TRANSMIT? OR BEAM?) (-
               7N)S5
S7          0  (RETRIEV? OR RECEIV??? OR ACCEPT? OR ACQUIR? OR OBTAIN? OR
               DOWNLOAD? OR RECIPIEN??? OR FETCH??? OR TRANSFER? OR PASS??? -
               OR DELIVER??? OR SEND??? OR UPLOAD??? OR TRANSMIT? OR BEAM?) (-
               5N) (S1 (7N) S5)
S8   13882355  RETRIEV? OR RECEIV??? OR ACCEPT? OR ACQUIR? OR OBTAIN? OR -
               DOWNLOAD? OR RECIPIEN??? OR FETCH??? OR TRANSFER? OR PASS??? -
               OR DELIVER??? OR SEND??? OR UPLOAD??? OR TRANSMIT? OR BEAM?
S9    1676005  CERTIFICAT? OR CERTIF? OR AUTHENTICAT? OR VALIDAT? OR AUTH-
               ORIZ? OR AUTHORIS? OR APPROV? OR VERIF?
S10    139818  DECRYPT? OR DECIPHER? OR DECOD? OR UNSCRAMBL? OR DESCRAMBL?
S11      1047  (INTERMEDIAR? OR GO () BETWEEN? OR MIDDLEMAN OR PROXY OR BRO-
               KER? OR NEGOTIATOR? OR VENDOR?) (5N)S4:S5
S12      2743  (SURROGAT? OR EMISSAR? OR INTERCESSOR? OR MEDIATOR? OR INT-
               ERAGENT? OR FINANCIER? OR PROPRIET?) (5N)S4:S5
S13      4563  (AGENT? ? OR REPRESENTATIVE? OR ARBITRATOR? OR PROMOTER? OR
               MEDIAR? OR EXECUTOR? OR SUBSTITUT?) (5N)S4:S5
S14     69717  (EXCHANG? OR RECIPROC??? OR REVERS? OR MUTUAL? OR SWAP??? -
               OR SWAPS OR SWAPPING OR TRADE? ? OR TRADING OR SWITCH? OR TRA-
               NSACT?) (S7) (S4 :S5)
S15         0  S5(10N)S1 AND S9 AND S2
S16         0  S2 AND S14 AND S11:S13
S17        59  S5 AND (S6 OR S14) AND S11:S13
S18         0  S17 AND S2 AND (S6 OR S14) AND S11:S13
S19     12942  STREAM??? () (MEDIA () CONTENT? ? OR VIDEO??? OR AUDIO???) OR
               (DELIVER??? OR SEND??? OR DOWNLOAD??? OR UPLOAD???) (3N) ( REAL ( -
               ) TIME OR REALTIME OR LIVE OR IMMEDIAT? OR INSTANT? OR STREAM? -
               ?? OR UP(3W) (MINUTE? OR SECOND? OR MOMENT?))
S20      2954  (NETWORK? OR NET? ? OR INTERNET? OR INTRANET? OR ONLINE OR
               WAN? ? OR LAN? ? OR ETHERNET? OR EXTRANET? OR WWW OR WORLD ()W-
               IDE ( ) WEB OR WORLDWIDEWEB OR SUBNET? OR SERVER? ? OR WEB () SERV-
               ER? ?) (10N) S19
S21         0  S20 AND S6 AND S2
S22         0  S19 AND S6 AND S2
S23         9  S2 AND S14
S24         0  S2 AND S11:S13
S25         0  S2 AND S14 AND SERVER?
S26        12  S9 (10N) S20
S27         0  S9 AND S20 AND S14 AND S2
S28       516  S1 AND S8:S10 AND S14
S29         4  S28 AND S2
S30        16  S26 OR S29
S31        16  S29:S30
S32         2  S28 AND S19:S20
S33     13895  AU=(CHAN S? OR CHAN, S?)
S34         0  AU= (MAYMUDES D? OR MAYMUDES , D?)
S35         0  SHANNON (2N) CHAN OR (DAVE OR DAVID) (2N) MAYMUDES
S36     13895  S33:S35
S37         7  S36 AND S20
S38         0  S37 AND (S4:S5 OR S14)
S39         0  S36 AND S2
S40         0  S36 AND S11:S13
S1    3210948  STORAGE () (MEDIA? ? OR MEDIUM? ?) OR DVD OR DISK? OR DISC? ?
               OR CD OR CD () ROM OR TAPE? ? OR (DAT OR DIGITAL () ANALOG OR CA-
               SSETTE) ()TAPE? ?
S2      32176  ((COMPUTER? OR CLIENT??? OR HANDHELD? OR USER? ? OR PDA OR
               PALM () PILOT? OR HANDSET? ? OR DESKTOP?? OR LAPTOP??) (3N) (DEVI-
               CE? OR INSTRUMENT? OR MECHANISM? OR MACHINE? ? OR UNIT? OR AP-
               PARAT? OR HARDWARE? OR (HARD OR CD OR DVD) ()DRIVE?)) (10N) S1
S3        450  (CERTIFICAT? OR CERTIF? OR AUTHENTICAT? OR VALIDAT? OR AUT-
               HORIZ? OR AUTHORIS? OR APPROV? OR VERIF?) (10N)S2
S4    6605508  KEY???
S5      68455  (CERTIFICAT? OR CERTIF? OR AUTHENTICAT? OR VALIDAT? OR AUT-
               HORIZ? OR AUTHORIS? OR APPROV? OR VERIF?) (5N)S4
S6     299549  (RETRIEV? OR RECEIV??? OR ACCEPT? OR ACQUIR? OR OBTAIN? OR
               DOWNLOAD? OR RECIPIEN??? OR FETCH??? OR TRANSFER? OR PASS??? -
               OR DELIVER??? OR SEND??? OR UPLOAD??? OR TRANSMIT? OR BEAM?) (-
               7N)S4 :S5
S7        925  (RETRIEV? OR RECEIV??? OR ACCEPT? OR ACQUIR? OR OBTAIN? OR
               DOWNLOAD? OR RECIPIEN??? OR FETCH??? OR TRANSFER? OR PASS??? -
               OR DELIVER??? OR SEND??? OR UPLOAD??? OR TRANSMIT? OR BEAM?) (-
               5N) (S1 (5N) S4 :S5)
S8   26336829  RETRIEV? OR RECEIV??? OR ACCEPT? OR ACQUIR? OR OBTAIN? OR -
               DOWNLOAD? OR RECIPIEN??? OR FETCH??? OR TRANSFER? OR PASS??? -
               OR DELIVER??? OR SEND??? OR UPLOAD??? OR TRANSMIT? OR BEAM?
S9    8044805  CERTIFICAT? OR CERTIF? OR AUTHENTICAT? OR VALIDAT? OR AUTH-
               ORIZ? OR AUTHORIS? OR APPROV? OR VERIF?
S10    186234  (EXCHANG? OR RECIPROC??? OR REVERS? OR MUTUAL? OR SWAP??? -
               OR SWAPS OR SWAPPING OR TRADE? ? OR TRADING OR SWITCH? OR TRA-
               NSACT?) (5N) (S4 :S5)
S11         1  (S1 (5N) S4 :S5) (5N) S3
S12       314  S1 AND S1(5N)S10
S13        16  S12 AND S2 :S3
S14         8  RD (unique items)
S15         7  S14 NOT PD>2001
S16      1661  (SERVER? OR WEB () SERVER) (5N)S10
S17         0  S16 AND S3
S18         7  S3 AND S10
S19         4  RD (unique items)
S20         0  S12 AND S3
S21       764  S12 OR S3
S22         9  S21 AND S7
S23        48  S21 AND S6
S24        50  S22:S23
S25        29  S24 AND S1(5N)S4:S5
S26         1  S3 AND S1(5N)S4:S5
S27        18  RD S25 (unique items)
S28        13  S27 NOT PD>2001
DVD body sues to halt decryption code's spread

(DVD Copy Control Association Inc files suit in effort to stop
proliferation of DeCSS software program on the Web; program can copy
encrypted video portion of a DVD disk)

ABSTRACT: 

The DVD Copy Control Association Inc (Morgan Hill, CA) , the licensing 
agency responsible for DVD security, has filed suit at the Santa Clara 
County office of the California Superior Court... 

...software program from the Internet. The program can copy the encrypted 
video portion of a DVD disk . The agency claims the future of the DVD 
format is at stake. The agency also wants a restraining order to stop 
linking to. . . 

...software claim it was developed as part of an effort to build a 
Linux-compatible DVD reader, which must carry a file containing one of 
the 400 "master keys" included on every DVD disk . The development of 
this reader and the software, as well as the lawsuit, are further... 

TEXT : 

By: Craig Matsumoto 

SAN JOSE, CALIF. - The licensing agency responsible for DVD security has 
gone to court to stem the spread of hacked code that can thwart DVD 
encryption. 

At stake, the plaintiffs assert, is the future of the DVD format itself. 
But supporters of the DVD hack disagree. They point out that the DVD 
encryption was cracked not for piracy but as part of a project to develop a 
Linux-based DVD player, something the DVD industry itself has yet to 
tackle. Meanwhile, some are calling for increased proliferation of the DVD 
hack as a way to protest the lawsuit. 

...filed Dec. 27 at the Santa Clara County office of the California 
Superior Court, the DVD Copy Control Association Inc. (Morgan Hill, 
Calif., www.dvdcca.org) sought a restraining order forcing... 

...for DeCSS, a small software program that can copy the encrypted video 
portion of a DVD disk . 

In addition, the DVD group wants the restraining order to forbid linking 
to Web sites that contain any of... 



.to DeCSS code. 



The complaint, which activists have posted on the Web at cryptome.org/ dvd 
-v-500.htm, lists 72 offending Web sites. Twenty-one defendants are 
mentioned by name, and five of those reside outside the United States. 

The DVD CCA has been sending cease-and-desist letters to some Web page 
owners since the... 

...first to post DeCSS code to the Web. Johansen is not listed as a 
defendant . 

DVD CCA representatives were unavailable for comment. In a prepared 
statement, they said they have worked... 



...lawsuit was filed. 



According to the complaint, "Without the motion picture companies' 
copyrighted content for DVD video, there would be no viable market for 
computer DVD drives and DVD players, as well as the related computer 
chips and software necessary to run these devices, and thus there would be 
no DVD video industry." 

Indeed, some manufacturers have put off releasing DVD audio players, 
citing the hole in security (EE Times Dec. 6, 1999, page 1) . Some 
manufacturers estimate it will take six months to revamp the security 
scheme . 

In addition, the DVD CCA may have filed the suit in self-defense.
Incorporated in Delaware, the DVD CCA describes itself as a
not-for-profit trade association formed to handle licensing administration
for the DVD industry. Just as DeCSS allegedly threatens the DVD
manufacturers, it also threatens "the very existence of DVD CCA" and
could lead to the demise of the association, according to the complaint.
The...

...useful. Some call for widespread proliferation of DeCSS to toss a monkey 
wrench at the DVD CCA; one poster likened the strategy to the 
"whack-a-mole" carnival game. 



Meanwhile, some... 
...code is available. 



Linux project 



DeCSS started with an effort to build a Linux-compatible DVD reader. A 
DVD reader must carry a file containing one of 400 "master keys" included 
on every DVD disk . These keys identify authorized DVD players. 

While reverse-engineering the DVD specification, programmers found that
Xing Technologies Corp. had not encrypted its DVD master key. That helped
open up CSS and led to the creation of DeCSS.

The DVD body worries that some of CSS's inner workings have been
disclosed. CSS must be kept secret to prevent DVD piracy, the complaint
charges.

The Electronic Frontier Foundation has provided a lawyer to represent the 



...of the California Superior Courthouse in San Jose on Dec. 29, as a 

hearing considered DVD CCA's bid for a temporary restraining order. 

Java programmer Andrew McLaughlin, a defendant, insists DeCSS aims to bring
DVD to Linux and poses no new threat of piracy for DVD titles. "It was
the opportunity to distribute software that would help people watch DVDs on
Cracking DVD

...(the movie industry chose to store films in a special format known as
digital video disc)

ABSTRACT:

Presented is a discussion on digital video discs (DVD). Unlike ordinary
audio compact discs (CDs), DVDs make use of a special encryption called
the Content Scrambling System (CSS) to prevent illegal copying. DVD
encryption varies according to one of six regions arbitrarily dividing the
world. Such arbitrary division of the world into regions helps limit the
spread of any illegal copying. A DVD disc can only be played on DVD
players designed for a specific region. Some groups found flaws in the CSS
employed by...

...flaw in CSS encryption. DoD uncovered the encryption flaw and created
its own program called DVD Speed Ripper for copying DVD discs.
Initially, the program failed to copy all types of DVD discs. Once the
DoD group fixed the problem, the MoRE group incorporated the changes in its

...called DECSS. The DECSS program is a small 60KB program that can copy an 
encrypted DVD file to a hard disk without using the protective layer of 
encryption. Article includes a discussion on the lawsuits slapped by the 
DVD Copy Control Association on Web sites offering the DECSS program. 



TEXT: 

. . .has haunted the entertainment industry since the days when people 
started copying albums using ordinary tape cassettes. The software 
industry battled the next wave of pirates by adding clumsy copy-protection 
schemes to keep people from copying floppy disks containing games or 
business programs. 

Software publishers temporarily foiled software pirates by switching from
easily-copied floppy disks to compact discs, but it was only a matter
of time before re-writable CD-ROM drives became commonplace on
virtually every new computer, giving everyone the technology to copy entire
CDs on their home computers as easily as copying a floppy disk.

Understandably, the movie industry hesitated about putting feature films on
compact discs. If software pirates could copy movies on CD as easily
as they copied programs such as Microsoft Office 2000 or Windows NT, the
movie industry would stand to lose millions in royalties alone.



THE BIRTH OF DVD 



To prevent illegal copying, the movie industry decided to store films in a
special format known as DVD (which stands for Digital Versatile Disc or
Digital Video Disc). Unlike ordinary audio CDs, DVD discs use
special encryption to prevent illegal copying, called a Content Scrambling
System (CSS). To play a CSS-encoded movie, your DVD player needs a 5-byte
(40-bit) decryption key.

For additional protection, DVD encryption varies according to one of six 
regions arbitrarily dividing the world. The regions are... 

...the world into regions helps limit the spread of any illegal copying. To
play a DVD disc, you need a DVD player, which can be a chunk of
hardware like an ordinary audio CD player or a program that runs on a
computer. DVD players (hardware or software) can only play DVD
discs designed for a specific region.

For example, a DVD disc from China (Region 6) would not work in a DVD
player sold in North America (Region 1). So even if hackers in Asia found a
way to illegally copy DVD discs from Hong Kong, they could only
distribute their pirated DVD copies within a limited region. While not
eliminating potential piracy, it does limit the spread of illegal DVD
copying. (For more information about the basics of DVD, visit
www.dvd.com.)

CRACKING CSS 

When copy-protected floppy disks arrived, computer crackers pored over
the details until they found a way to duplicate copy-protected disks. So
when DVD discs arrived with encryption, crackers all over the world
examined it carefully, searching for flaws.

Contrary. . .

...to a paper jointly written and posted by both groups at
http://02.uio.no/dvd/codefree/decss.html, DoD discovered the encryption
flaw first and developed a program called DVD Speed Ripper, for copying
DVD discs. However, the DVD Speed Ripper program initially failed to
copy all types of DVD discs. Once the DoD group fixed this problem, the
MoRE group incorporated these changes in its own program called DeCSS.

In addition, the two hacker groups didn't actually crack the DVD
encryption. Instead, they exploited a fatal mistake. To protect the
encryption of DVD discs, all companies making DVD players and
software must encrypt their DVD decryption keys to prevent
reverse-engineering. However, the XingDVD player, made by Xing Technologies, a
subsidiary of RealNetworks, failed to...

. . .due to human error rather than any flaw in its encryption algorithm. As
a result, DVD encryption is pretty much useless in preventing illegal
copying of DVD discs.

HOW THE DECSS PROGRAM WORKS 

The DeCSS program is a small 60 KB program that can copy an encrypted DVD
file (which has a .VOB extension) to a hard disk, minus the protective
layer of encryption. Once copied to a hard disk, you can freely copy and
distribute the unencrypted movie over the Internet. When rewritable DVD
drives appear, you'll be able to copy DVD discs as easily as copying an
ordinary floppy disk.






In the age of massive hard disks and faster Internet access courtesy of
DSL and cable modems, transferring an entire movie file...

...9.4 gigabytes) may be cumbersome, but not impossible.

Since Internet access speeds and hard disk space are always getting
faster, cheaper and larger, it's only a matter of time before DVD copying
will become as common as tape recording albums off your stereo. (For more
information about DeCSS, visit The Ultimate DeCSS Resource Site at
www.pzcommunications.com/decss/main.htm)



THE LEGAL AFTERMATH 



With DVD encryption defeated, the entertainment industry turned to a 
long-cherished defensive tactic -- lawsuits. The DVD Copy Control 
Association (CCA) diligently tracks any Web sites offering the DeCSS 
program and threatens . . . 



...s site at www.2600.com.) 




Unless manufacturers decide to scrap the current DVD format and develop a 
newer, more secure format, DVD copying will be available to anyone. Even 
if the industry quickly moves to a different... 



. . .publicize any fatal flaw. 



Copyright enforcement has always been difficult, and the latest debacle 
over DVD merely highlights this fact. No matter what you protect, there 
will always be a way. . . 

PRODUCT NAMES: Motion picture and video tape production (781200) 

Providing software protection capability for a CD-ROM drive. (technical)

ABSTRACT: A CD-ROM can hold many large software packages on one disk,
which can provide significant cost savings over tape distribution but
poses a security problem. Load-time security, which permits customers to
load a package from the disk only with proper authority, is the method
used for the Hewlett-Packard Model 600/A. . .

...run-time security. Another method used on the 600/A is scrambling data
on the disk to prevent reading a protected disk with another CD-ROM
reader. A security toolbox can be used by the customer. The tools include
the capability to lock and unlock discrete portions of the disk
selectively, unscramble or decode secured data, and the ability to give the
host a unique . . .

security, which prevents loading a package without the proper
authority, and scrambling data on the disk to prevent reading a protected
disk with another CD-ROM reader.

AN EFFECTIVE USE of CD-ROMs is for the distribution of very large
quantities of software and literature. Before CD-ROM technology,
software updates were distributed on tape. This method required the
creation of multiple customized tapes for each customer. The tapes
contained only the software that the customer had purchased. The security
solution with this method was simple: customers only received tapes for
the packages they had purchased.

With CD-ROM as the distribution medium, many large software
packages can fit on one disk. This capability provides a significant cost
savings over the tape distribution method. The problem with using
CD-ROMs for distribution is how to give customers many software packages on
one disk yet restrict them from using software that they did not
purchase. This article discusses some aspects of the HP Series 6100 Model
600/A CD-ROM drive security scheme.

Implementation Considerations 

Two security schemes were considered for the HP Model 600... 
. . . security.

Load-time security does not allow the customer to load a package from
the disk without the proper authority. This is the method we decided to
use for the Model . . .

...satisfies both of the constraints mentioned above. The authority for
accessing packages on an HP CD-ROM is a unique password that is shipped
to the customer with each disk. This password enables customers to
identify themselves uniquely to the Model 600/A CD-ROM drive.

Security Toolbox

There are many opinions on and methods of implementing software 
security features. . . 



...provided in the toolbox include: 

* The capability to lock and unlock discrete portions of the disk 
selectively 

* The ability to unscramble or decode secured data 

* The ability to provide the host... 

. . .The security scheme implemented may be defined in the security
information that goes on the disk when it is mastered. This information
may also define which host-to-disk commands (Command Set 80 commands) the
Model 600/A will accept from the host.

The security information for a disk is located in the disk's
system area. When a disk is mounted in the drive, based on the
information in the system area, the Model...

...redefines the default values of certain parameters. The default values
are used when a new disk is loaded and after a Security Clear command is
received from the host.

Region Access Map

The capability to lock and unlock regions of the disk selectively
is provided using a structure called a region access map, which is located
in the system area of the disk. The region access map logically divides
the disk into regions. Each region has one or more logical sectors and
each region is assigned. . .

...lock or unlock. A default group access map exists in the system area of
the disk. The group access map is a string of bits with the value of each
bit. . .

...and a verification password must be sent from the host to the Model
600/A disk controller. The disk controller will do some manipulation on
the group access map, the publication identifier from the disk, and the
internal identifier of the disk controller. The result of the
manipulation is compared with the verification password received from the
host. If the comparison proves that the group access map, the disk, and
the disk controller all belong together, the customer's group access map
is accepted as defining the locked and unlocked groups on the disk. If
not, the HP Model 600/A disk controller will use the default group access
map located in the system area of the disk. Fig. 2 summarizes this
process.

To keep anyone from setting up a computer and sending files that
might exist on a software distribution disk. The operating system is
contained in logical sectors 0 through 500, the COBOL compiler in...

...both use drivers located in sectors 701 through 750. The region access
map contains the disk addresses of each file. All the operating system
files are assigned to group 0, the...

...to locked (see Fig. 3c). Because there may be hundreds of software
packages on a disk, it would be easier if the customer did not have to
type in the group . . .

...that the customer can unlock only purchased software. 

When the customer tries to access the disk, a host program will ask
the customer for the password that came with the disk. The program will
send the group access map and the password to the Model 600/A disk
controller, and after performing the comparison process described earlier,
the controller will unlock the correct portions of the disk. Once the
disk is unlocked, it can be read using any standard CS-80 driver.

If the host does try to access a locked portion of the disk, the
Model 600/A will normally respond with a NO DATA FOUND fault. However,
there . . .

. . .to find out if an attempt was made to access a locked region of the 
disk and that invalid data was transmitted. 

Unscrambling Data

The lockable disk is only secure if it is mounted in the Model
600/A CD-ROM drive. To prevent reading the disk from another
CD-ROM reader, the data on a distribution disk is scrambled. The Model
600/A can unscramble a disk that has its data scrambled. This option
should protect the packages from being loaded via...

. . .Model 600/A is an 8-byte value that can be located either on the disk
or sent from the host. If the key is on the disk and scrambled, it is
decoded using a predefined algorithm. If the key is sent from. . .

...be decoded using an algorithm that is unique to each customer's Model
600/A CD-ROM drive. This scheme allows each of several customers to
have a unique key even if . . .

...for unscrambling data can be used in different ways. One method
unscrambles either the whole disk or selected portions of the disk when
data is read from the disk and sent to the host. Another method involves
the host's using the Model 600...

...a package are scrambled. If the key used to unscramble the data is on
the disk, the default method is to unscramble all data as it is read from
the disk (see Fig. 4 switch position 2). If the key is sent from the
host, the default method is to read the data and leave...

...600/A as an unscrambling box the host reads a complete scrambled file
from the disk and then sends a customer-unique deciphering key to the
CD-ROM drive. The host's unscrambling algorithm is a write, unscramble,
and read sequence. First the...

...the host commands the controller to unscramble the data in the buffer
using the deciphering key passed down earlier (see Fig. 4 switch
position 1). Finally, the host uses the CS-80 ...

Command Protocol

The HP-IB Command Set 80 protocol is used for communication between
the CD-ROM reader and the HP 3000 MPE VE operating system. To simplify
integration and for initial system startup the Model 600/A looks like a
write-protected HP 7935A 300-megabyte disk to the HP 3000 MPE VE operating
system.

Making the Model 600/A look like...

...was simple. The biggest problem was trying to support the Release
command, which frees a disk to be removed from the drive. Without a
button on the front panel of the Model 600/A, the customer cannot request
that the disk be released. On the HP 7935A, if the customer wants to
remove a disk, the front-panel release button is pressed and the HP 7935A
executes a release sequence that essentially asks the host if it can
release the disk and go off-line, allowing the user to remove the disk
and replace it with another disk. The HP 3000 system recognizes this
sequence and knows that a disk has been removed and possibly replaced.

On the Model 600/A, if the door is unlocked, the user can remove a 
disk caddy at any time. It would be meaningless to make a Release request 
to the host because if the host denied the request, the host would think 
that the same disk was still loaded. The solution to this problem is that 
when a disk is removed a report is sent to the host that a new disk of 
zero length has just been loaded. 



The constraint of trying to look like a...
. . .protected HP 7935A meant that commands specific to the security or audio
features of the CD-ROM had to be added under the CS-80 Initiate Utility
command.

Service

Servicing the Model. . .

...service engineer must have a means of programming these numbers in the
field when a CD-ROM drive's controller board is replaced. The
alternative to this would be to return the...

...the repair controller board serial number back to REPAIRBD. The process 
requires that a special disk be mounted into the drive before a second 
special service command (Service 11) is executed. The combination of the 
special disk and the bytes sent with the Service II command will 
reprogram the serial number REPAIRBD. . . 

...Service II command is attempted and proves to be an invalid command
because the wrong disk is being used or the wrong bytes are sent to the
Model 600/A, the. . .

. . . factory for reprogramming.

Utility Commands

The utility commands are CS-80 commands developed to support
CD-ROM capabilities, security toolbox functions, and status information
relevant to the Model 600/A security scheme...

...are not in the formal CS-80 definition but fit into the CS-80 protocol.

CD-ROM Commands. The following CS-80 commands are designed to support
the Model 600/A and the features of CD-ROMs.

* Door Lock. Lock the drive's media door to prevent unwanted removal
of the disk.

* Door Unlock. Unlock the drive's media door to allow removal of
disk.

* Play Audio (length of play) (address of audio portion of the disk
where to start playing). Play an audio portion of the CD-ROM. This
command will return to the report phase when the audio is finished.

* Play Audio With Return Address (length of play) (address of audio
portion of the disk where to start playing). Play an audio portion of the
CD-ROM. This command will have multiple execution phases. At the end of
each execution phase the...

. . .of that track and the control and address field from the Q channel of
the CD-ROM.

* Set Logical Sector Length (sector length). This command will modify
the logical length of a. . .

. . .will be either 256 bytes or the length defined in the system area of the
disk. The typical frame of an industry-standard CD-ROM written with
computer data contains 16 bytes of header, 2048 bytes of data, and 288 will
return data from the data field. If the disk has data for which data
integrity is not important (e.g., video data), the ECC...

...minus the header field). The 2352-byte length will return the full
sector. If the CD-ROM is a secured disk, this command is disallowed.

Security Toolbox Commands. These are the CS-80 commands that 
implement . . . 

...the data fill capability. If data fill is enabled when a locked region 
of the disk is encountered, the fill word will finish the rest of the 
current transaction and the... 



...data fill is disabled, the current transaction will abort when a locked 
region of the disk is encountered and the NO DATA FOUND fault is set. 

* Unscramble Buffer (length of data. . . 

...1) . 

* Unscrambled Read (on/off). This command will either send the data
stream from the disk through the unscrambling algorithm (on) or not (off)
before sending the data to the host...

...cause the contents of the controller's data buffer to be returned to the
host.

* Receive Data Unscrambling Key (key). This command will cause
the key received to be manipulated by the Model 600/A's unique
identifier algorithm and then be used as the unscrambling key for future
unscrambling.

* Receive Group Access Map (password) (group access map). This
command will cause the received group access map to be accessed if the
password, the group map, and the currently loaded CD-ROM's identifier
all belong together.

* Return Drive Security Number. This command will cause the Model... 

. . .4) . 

Security Status Commands. The following commands were added to
retrieve status information about the CD-ROM and to make the security
toolbox easier to use.

* Report Security Quick Status. This command will return one byte 
that indicates powerfail, disk change, and/or a security fault. This 
status is cleared either by a Security Clear... 

...Request Security Status. This command will return a string of bits
indicating the type of disk currently loaded, the security features that
are present in the system area of the disk, and the security faults that
have occurred. This status is cleared either by the Security. . .

...and the Security Clear command is that the CS-80 Clear command will set
the CD-ROM reader and all internal state machines back to power-on
conditions. The Security Clear command will set the security features back
to either power-on or new disk loaded conditions. Using the Security
Clear and the CS-80 Clear commands independently will help...

. . . commands.

Conclusion 

The tools designed into the HP Series 6100 Model 600/A HP-IB
CD-ROM drive should be adequate for almost any user who wants to distribute
software or data on CD-ROM disks. The disk publisher can tailor the
security level to range from no security at all to a...

...to the host CS-80 driver, the commands are available to do so. If the
disk distributor wants to change the unique customer password verification
number, there are hooks built into. . .
...the distributor and the customer.